osquery-defense-kit

mirror of https://github.com/chainguard-dev/osquery-defense-kit synced 2025-01-10 07:39:26 +00:00

Author	SHA1	Message	Date
Thomas Stromberg	3d7bc8363e	More false positive management	2022-11-16 14:49:36 -05:00
Thomas Stromberg	18f17bbee8	Complete cleanup phase 1	2022-11-16 11:18:45 -05:00
Thomas Stromberg	b8d66ae814	Allow -sP /usr/sbin/firewalld	2022-11-16 11:03:34 -05:00
Thomas Stromberg	8047c88374	Run 'make reformat'	2022-11-16 11:02:29 -05:00
Thomas Stromberg	5d1e64ecc1	Fix file.mode comparisons	2022-11-16 11:01:22 -05:00
Thomas Stromberg	febf6cfebd	Remove newer access time check, add Sublime/Microsoft exclusion	2022-11-16 10:56:58 -05:00
Thomas Stromberg	2f30604c07	Allow Software Signing procs to be empty	2022-11-16 10:56:36 -05:00
Thomas Stromberg	f78cca5844	Be more lenient about Software Signing processes	2022-11-16 10:54:23 -05:00
Thomas Stromberg	398cbde41f	Add more exception for local webhook development	2022-11-16 10:40:46 -05:00
Thomas Stromberg	e8ee572311	Add exception for snap container mounts	2022-11-16 10:39:21 -05:00
Thomas Stromberg	f36b74c487	Fix ko-app allowance	2022-11-16 10:38:22 -05:00
Thomas Stromberg	7527e11a3b	Add systemd-fsckd, blueman-mechanism	2022-11-16 10:37:38 -05:00
Thomas Stromberg	ac4a0b84df	var executables: put quote marks around modes with leading zeros	2022-11-11 07:53:45 -05:00
Thomas Stromberg	4a9a967b47	execdir: Add ~/go and ~/bin exceptions	2022-11-10 12:55:09 -05:00
Thomas Stromberg	f7237c3641	https client: Add cargo running from homedir	2022-11-10 12:26:38 -05:00
Thomas Stromberg	875caaf64e	Add redhat-lsb back	2022-11-10 12:14:18 -05:00
Thomas Stromberg	32e3657221	Accept strace-log-merge anywhere	2022-11-10 11:31:37 -05:00
Thomas Stromberg	47bb017183	Add /usr/local/lib/libmimalloc.so to allowed list of LD_PRELOAD	2022-11-10 11:20:58 -05:00
Thomas Stromberg	f1a3354495	Address false positives: nginx-ingress-controller, dbus, etc	2022-11-10 11:04:48 -05:00
Thomas Stromberg	9b99b0f657	tiny-executable-events: Add child hash & magic data, filter by regular	2022-11-09 09:14:10 -05:00
Thomas Stromberg	c9605d1c98	Add exceptions for terraform, hugo, macOS updates	2022-11-08 14:32:38 -05:00
Thomas Stromberg	748be4c251	Make all of ~/.% an exclusion	2022-11-08 14:22:12 -05:00
Thomas Stromberg	3dec23370c	More exclusions	2022-11-08 12:59:11 -05:00
Thomas Stromberg	f93a18d112	Refactor execdir, remove false positives	2022-11-07 20:36:37 -05:00
Thomas Stromberg	213e29afcc	Simplify macos-execdir, reduce false positives	2022-11-07 10:03:43 -05:00
Thomas Stromberg	cafe37af26	macOS: Add exceptions for SUSE/rancher and DHCP servers	2022-11-04 19:04:31 -04:00
Thomas Stromberg	0e4f49ce78	Allow more gcloud auth paths	2022-11-04 11:57:47 -04:00
Thomas Stromberg	4bf5be2960	Add exception for Wireshark usbmon	2022-11-04 11:52:52 -04:00
Thomas Stromberg	8f873cfd85	Add exception for Tailscale MagicDNS	2022-11-04 11:52:39 -04:00
Thomas Stromberg	8931530901	Populate the initial set of exceptions	2022-11-04 11:52:24 -04:00
Thomas Stromberg	a544ab1f7e	Add exception for vs-kubernetes, add child hash, fix time interval	2022-11-04 10:32:45 -04:00
Thomas Stromberg	87f727fc36	Add Python exception (signed by Ned Deily)	2022-11-04 10:22:35 -04:00
Thomas Stromberg	180efa23e0	Add karabiner_session_monitor exception	2022-11-04 09:57:41 -04:00
Thomas Stromberg	8de176d191	recently-created-executables: add missing comma	2022-11-04 09:12:38 -04:00
Thomas Strömberg	4aa32afc0d	Merge pull request #63 from tstromberg/hidden-home Add detections for hidden home configuration directories	2022-11-04 08:54:34 -04:00
Thomas Stromberg	d9fd2e9d7c	Add detections for hidden home Library directories	2022-11-04 08:51:17 -04:00
Thomas Stromberg	91f0d3e283	Add detections for hidden home configuration directories	2022-11-04 08:50:34 -04:00
Thomas Stromberg	b3fdde9ed7	Add PlayTo for Chromecast	2022-11-04 08:11:33 -04:00
Thomas Stromberg	a29ca8bc2c	jetbrains-toolbox can be owned by anyone	2022-11-04 08:08:43 -04:00
Thomas Stromberg	1790e7b114	Add spotify exception	2022-11-04 08:08:26 -04:00
Thomas Stromberg	35a2162bd7	Add /usr/share/spotify-client	2022-11-04 08:08:09 -04:00
Thomas Stromberg	d74f289c2c	Add snapd and spotify from /usr	2022-11-04 08:07:54 -04:00
Thomas Stromberg	d953cbd0c4	Allow executable tz files in the top-level zoneinfo dir	2022-11-04 08:07:34 -04:00
Thomas Stromberg	948eb2edda	Add tcp/3443 for chrome	2022-11-04 08:07:14 -04:00
Thomas Stromberg	44babb9288	Add exception for ko from a home directory	2022-11-04 08:05:59 -04:00
Thomas Stromberg	2dfc3860ef	Add pavucontrol and snapd	2022-11-03 16:05:07 -04:00
Thomas Stromberg	e650ab6abc	Add exception for Discord	2022-11-03 16:02:45 -04:00
Thomas Stromberg	f2a9e785fe	Refactor unexpected-execdir events for fewer false-positives	2022-11-03 16:00:19 -04:00
Thomas Stromberg	187aacf092	Add a melange build exclusion	2022-11-03 14:25:35 -04:00
Thomas Stromberg	fffff696a7	Ignore weird Logitech commands, and add grandparent process info	2022-11-03 14:25:13 -04:00

1 2 3 4 5

234 Commits